CVE-2025-34036 PoC — Shenzhen TVT CCTV-DVR Command Injection

Associated Vulnerability
Title: Shenzhen TVT CCTV-DVR Command Injection (CVE-2025-34036)

Description: An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web Server" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When the server processes a request to /language/[lang]/index.html, it uses the [lang] input unsafely in a tar extraction command without proper escaping. This allows an unauthenticated remote attacker to inject shell commands and achieve arbitrary command execution as root. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC.
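
Added example (not part of the repository or the CVE record): a defender-side check for the request pattern described above. It scans access-log lines for `/language/[lang]/index.html` requests whose `[lang]` segment, after URL-decoding, falls outside a conservative allowlist. The log format, the allowlist, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: legitimate language names are short alphanumeric tokens.
SAFE_LANG = re.compile(r"[A-Za-z0-9_-]{1,32}")
LANG_PATH = re.compile(r"^/language/(?P<lang>.*)/index\.html$", re.S)
# Assumption: common-log-style lines (client IP first, quoted request line).
LOG_LINE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>.+?) HTTP/[\d.]+"')

# Constructed sample lines (documentation IPs, placeholder payload text).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2025:10:00:01 +0000] "GET /language/English/index.html HTTP/1.1" 200 512
192.0.2.11 - - [01/Jan/2025:10:00:02 +0000] "GET /language/English%3BPLACEHOLDER/index.html HTTP/1.1" 200 0
192.0.2.12 - - [01/Jan/2025:10:00:03 +0000] "GET /language/Chinese%253BPLACEHOLDER/index.html HTTP/1.1" 404 0
192.0.2.13 - - [01/Jan/2025:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 1024
"""


def classify_request(target: str) -> str:
    """Return 'other', 'ok' or 'suspicious' for one HTTP request target."""
    path = target.split("?", 1)[0]
    # Decode a bounded number of times so double-encoded characters are seen.
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    match = LANG_PATH.match(path)
    if match is None:
        return "other"
    return "ok" if SAFE_LANG.fullmatch(match.group("lang")) else "suspicious"


def suspicious_requests(log_text: str) -> list[tuple[str, str]]:
    """Return (client_ip, raw_target) for every flagged line in the log."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if m and classify_request(m.group("target")) == "suspicious":
            hits.append((m.group("ip"), m.group("target")))
    return hits


if __name__ == "__main__":
    for ip, target in suspicious_requests(SAMPLE_LOG):
        print(f"ALERT {ip} {target}")
```

The same allowlist, applied to `[lang]` before it reaches any shell command, is the input-validation side of the fix; the log scan only surfaces attempts after the fact.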
Readme
# CVE-2025-34036 - TVT DVR Simulation

This repository contains a **safe simulation** of the CVE-2025-34036 vulnerability (TVT DVR Command Injection).
It allows security researchers to test **Nuclei templates** in a controlled environment without affecting any real devices.

---

## Summary

* **Purpose:** Provide a harmless, reproducible lab that lets researchers verify Nuclei templates targeting CVE-2025-34036.
* **Scope:** Simulation only — this is *not* an exploit against real hardware or services. The simulation intentionally reproduces observable behaviour (including a verification file) so templates can be validated safely.

---

## Quick Run (Docker)

**Step 1 — Build the Docker image**

```sh
docker build -t cve-2025-34036 .
```

**Explanation**

* `docker build` → Build a Docker image from the current directory's Dockerfile.
* `-t cve-2025-34036` → Tag the image for easy reference.
* `.` → Use the current directory as the build context (expects Dockerfile, app.py, requirements.txt, etc.).

**Step 2 — Run the container**

```sh
docker run --rm -p 8080:8080 cve-2025-34036
```

**Explanation**

* `docker run` → Start a container from the image.
* `--rm` → Remove the container automatically when it stops.
* `-p 8080:8080` → Map container port 8080 to the host port 8080.

The container is then reachable at `http://127.0.0.1:8080` on the host.

**Step 3 — Test the Nuclei template**

1. Move to your local `nuclei-templates` repository (or wherever you keep templates):

```sh
cd nuclei-templates
```

2. Run nuclei against the running simulation:

```sh
nuclei -t http/cves/2025/CVE-2025-34036.yaml -u http://127.0.0.1:8080 -debug
```

**Explanation**

* `-t` points to the template YAML that describes how nuclei should test for the vulnerability.
* `-u` is the target URL (the locally running simulation).
* `-debug` prints verbose output to help confirm template behavior and troubleshoot matchers.

---

## Project Structure

```
CVE-2025-34036/
├── app.py              # Flask application simulating the vulnerable DVR endpoint
├── Dockerfile          # Docker instructions to build the containerized simulation
├── requirements.txt    # Python dependencies for running app.py
├── README.md           # Documentation (this file)
└── debug_output.txt    # Optional: sample debug output from running the Nuclei template
```

File Snapshot

```
[4.0K]  /data/pocs/fe0c57be0e22130884637198527a1c091737456a
├── [1.6K]  app.py
├── [3.1K]  debug_output.txt
├── [ 118]  Dockerfile
├── [2.3K]  README.md
└── [ 109]  requirements.txt

0 directories, 5 files
```